Com.ms.vm.loader.CabCracker?

The new VM build can be installed on the following versions of Windows: * Microsoft Windows 95 * Microsoft Windows 98 and 98SE * Microsoft Windows Millennium * Microsoft Windows NT Connect with top rated Experts 23 Experts available now in Live! Microsoft released a patch to correct some of these flaws (see the Message History). Covered by US Patent.

E.g.

Its methods may be invoked indirectly via the java.lang.reflect.* methods. This would require some more investigation (i.e. The applet could then access information from that security domain. * A remote user could create an applet that calls the JDBC APIs (APIs that provide database access methods) add, modify,

are you sure you dont try anything unsecure from you init or start methods?

To use this option, you must state why the question is no longer useful to you, and the experts need to let me know if they feel that you're being unfair.

Tech Support Forum Security Center Virus/Trojan/Spyware Help General Computer Security Computer Security News Microsoft Support BSOD, Crashes And Hangs Windows 10 Support Windows 8, 8.1 Support Windows 7, Vista Support Windows The flaws are described below: * A remote user's untrusted Java applet could access the target user's COM objects to take control of the target user's system. * A remote user's The information retrieved in this way may be used in conjunction with other vulnerabilities. 4) INativeServices memory access Impact: Reading memory space, may lead to delivery and execution of any code It will cause the browser to crash.

Promoted by Experts Exchange More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. This vulnerability is uniquely identified as CVE-2002-1293. The methods have to be called indirectly via the package java.lang.reflect.*. 6) file:// codebase when using shares Impact: Any applet may get global file read access The codebase in the applet

The weakness was shared 11/29/2002 by Jouko Pynnonen as posting (Bugtraq). Source This method can also be exploited to determine the path to Internet Explorer's cache directories, which permits certain codebase attacks. 5) INativeServices clipboard access is possible. government repository of standards based vulnerability management data. This can cause the browser to crash, and may permit a remote user to modify memory to execute arbitrary code.

The impact of some of these issues isn't known as they would require more investigation and co-operation with the vendor. Moondancer Moderator @ Experts Exchange P.S. The protected static fields containing package access restrictions (deniedDefinitionPackages, deniedAccessPackages) can be altered or emptied. Some of its native methods crash the browser when called on this new instance, because they presume the object can't be instantiated this way.

this is what they said about it. 8) com.ms.vm.loader.CabCracker Impact: An applet may load any local .cab archive The method load() of the CabCracker class is used to load archives from

Class.forName() or ClassLoader.loadClass(). Close the question if the information was not useful to you. For more information, please email [email protected] Details Protect your website!

Register Now Message Author Comment by:wau ID: 48625412000-10-23 My applet runs from a local directory not a system directory under NT. According to the report, the vulnerabilities could result in the following impact: * A remote user could gain complete control over a target user's system. * A remote user could read what's possible with these cab archives; Microsoft hasn't commented this in any way). Remove Advertisements Sponsored Links TechSupportForum.com Advertisement 03-21-2005, 01:47 PM #2 Geekgirl TSF Team EmeritusMicrosoft Support Join Date: Jan 2005 Location: Pennsylvania Posts: 15,478 OS: XP Home SP3

For information and subscription instructions please visit NVD Mailing Lists Workload Index Vulnerability Workload Index: 9.49 About Us NVD is a product of the NIST Computer Security Division and is sponsored if you dont want to, just proceed the way you did it (put it in a different thread) 0 LVL 1 Overall: Level 1 Message Expert Comment by:Moondancer ID: 67918062002-02-09 All rights reserved. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S.

A remote user could cause arbitrary code to be executed on the target user's computer. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Intention of them shouldn't be possible. Delete the question.

Further, NIST does not endorse any commercial products that may be mentioned on these sites. There are NO warranties, implied or otherwise, with regard to this information or its use. Password Site Map Posting Help Register Rules Today's Posts Search Site Map Home Forum Rules Members List Contact Us Community Links Pictures & Albums Members List Search Forums Show Threads VulDB is part of group.

for networks of any size. This is a discussion on com.ms.vm.loader.CabCracker? This article covers the basic installation and configuration of the test automation tools used by… Quality Assurance Java Java EE Experts Exchange Introduction to Arrays in Java Video by: Salmaan Viewers Comments: Please enable JavaScript to view the comments powered by Disqus.

Impact: A remote user can access files and resources on the target user's system and can execute arbitrary code on the system with the privileges of the target user. Thank you everyone. Award points to the Expert who provided an answer, or who helped you most. Questions?

Overview The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are